package com.bdqn.ch10.controller;

import com.bdqn.ch10.pojo.SysRole;
import com.bdqn.ch10.pojo.SysUser;
import jakarta.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

import java.util.List;

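/**
 * Entry-point controller: authenticates a user through Apache Shiro and serves the
 * "403" (unauthorized) view.
 *
 * <p>NOTE(review): {@code roleService} is used by {@link #login} but is not declared
 * anywhere in this listing. It has to be injected as a field before the class compiles;
 * its type is not visible here, so no declaration is added.
 */
@Controller
public class IndexController {

    // PLACEHOLDER view names and model key: the original listing never returned a view,
    // so these values are constructed and must be replaced with the project's real ones.
    private static final String VIEW_LOGIN = "login";
    private static final String VIEW_AFTER_LOGIN = "redirect:/";
    private static final String ATTR_LOGIN_ERROR = "msg";

    /**
     * Authenticates the submitted credentials with Shiro and, on success, stores the
     * authenticated user in the HTTP session under {@code "loginUser"}.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so credentials can
     * also arrive as GET query parameters, which end up in access logs and browser
     * history. Consider limiting the credential-processing path to POST.
     *
     * <p>NOTE(review): nothing here rotates the session identifier after authentication.
     * Confirm that the session layer issues a fresh id on login, so that a session id
     * known before login is not carried into the authenticated session.
     *
     * @param usrName     submitted user name; may be {@code null} when the form was not posted
     * @param usrPassword submitted password; may be {@code null} when the form was not posted
     * @param session     HTTP session that receives the {@code "loginUser"} attribute
     * @param model       model used to pass a generic failure message to the login view
     * @return the login view on missing or rejected credentials, otherwise the post-login view
     */
    @RequestMapping(value = "/login")
    public String login(String usrName, String usrPassword, HttpSession session, Model model) {
        // Nothing to authenticate: show the form instead of handing nulls to the realm.
        if (usrName == null || usrName.isBlank() || usrPassword == null || usrPassword.isEmpty()) {
            return VIEW_LOGIN;
        }

        UsernamePasswordToken token = new UsernamePasswordToken(usrName, usrPassword);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // One generic message for every failure cause, so the response does not
            // reveal whether the account exists or which credential was wrong.
            model.addAttribute(ATTR_LOGIN_ERROR, "Invalid user name or password");
            return VIEW_LOGIN;
        } finally {
            // Wipe the password characters held by the token once login has been attempted.
            token.clear();
        }

        // The original read "Subjec.getPrincipal()", an undefined name; the principal
        // belongs to the subject that has just logged in.
        // assumes the configured realm returns a SysUser as principal - TODO confirm
        SysUser user = (SysUser) subject.getPrincipal();
        if (user == null) {
            return VIEW_LOGIN;
        }

        SysRole role = user.getRole();
        if (role != null) {
            // NOTE(review): findRightsByRole() takes no argument here, so the rights it
            // returns are not visibly tied to this user's role; verify the service does
            // not hand every user the same set of rights.
            List<SysRole> rights = roleService.findRightsByRole();
            if (rights != null) {
                role.getRights().addAll(rights);
            }
        }

        // NOTE(review): the whole SysUser object goes into the session; if it carries the
        // password or its hash, store a reduced view instead.
        session.setAttribute("loginUser", user);
        return VIEW_AFTER_LOGIN;
    }

    /**
     * Serves the page shown when access is denied.
     *
     * @return the {@code "403"} view name
     */
    @RequestMapping(value = "/403")
    public String unauthorized() {
        return "403";
    }

}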
